x86-64: new CET-enabled PLT format proposal

Rui Ueyama rui314@gmail.com
Tue Mar 1 09:48:11 GMT 2022


Thank you for sharing the slide!

As to our usage of r11, always clobbering r11 doesn't look pretty
indeed. But I couldn't observe any performance difference by doing
this. I think I can explain why. It's because there's no data
dependency to r11 on function entry. r11 is not expected to be
preserved across a function call, and it's not used for passing an
argument. So no one would read a value from r11 that we write in
PLT[n] (except the code in PLT0). So it cannot cause a pipeline stall
and is thus very cheap, if not free.

On Tue, Mar 1, 2022 at 6:45 PM Joao Moreira <joao@overdrivepizza.com> wrote:
>
> On 2022-03-01 01:32, Rui Ueyama wrote:
> > On Tue, Mar 1, 2022 at 6:27 PM Joao Moreira <joao@overdrivepizza.com>
> > wrote:
> >>
> >> > This is what I tried first but I then realized that I needed to insert
> >> > another `endbr` between `jmp` and `call`. `jmp GOT[foo]` can jump only
> >> > to `endbr` if CET is enabled, so it can't directly jump to the
> >> > following `call`.
> >> >
> >> Ugh, there we go... dead. Thanks for not letting me waste a ton of
> >> time
> >> :)
> >
> > I actually wasted my time by implementing it only to find that it
> > wouldn't work. :) If you are interested, this is my commit to my
> > linker.
> > https://github.com/rui314/mold/commit/4ec0bbf04841e514aca2000f3d780d14efcaefc9
>
> I'm glad I posted it here before trying to go and implement :)
>
> Regarding the projects mentioned by HJ, I assume one of them is this (in
> case you are curious):
>
> https://static.sched.com/hosted_files/lssna2021/8f/LSS_FINEIBT_JOAOMOREIRA.pdf
>
> In FineIBT we use R11 to pass hashes around through direct calls to
> enable fine-grain CFI on top of IBT.
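As an added illustration, not code from this thread or from mold, the sketch below shows a lazy PLT layout consistent with the two constraints discussed above: every indirect-branch target must begin with `endbr64` when IBT is enforced, and r11 only carries the PLT index from PLT[n] to PLT0, so nothing else ever reads it. The exact encoding, the `mov` into r11, and the GOT slot numbering (GOT[1] = link_map, GOT[2] = resolver, as in the classic x86-64 lazy-binding layout) are assumptions for illustration, not the proposal's exact format.

```asm
# Illustrative CET-compatible lazy PLT (GNU as syntax, x86-64).
# Assumed layout: GOT[1] holds the link_map pointer, GOT[2] holds the
# address of the dynamic linker's resolver; GOT_foo is a placeholder
# name for foo's GOT slot, which initially points back at PLT0.

        .section .plt, "ax", @progbits

PLT0:
        endbr64                     # reached by `jmp *GOT_foo`, so it must be
                                    # a valid IBT landing pad
        push    %r11                # r11 = index written by PLT[n]; pass it to
                                    # the resolver on the stack
        push    GOT+8(%rip)         # GOT[1]: link_map
        jmp     *GOT+16(%rip)       # GOT[2]: resolver (its entry also starts
                                    # with endbr64 in a CET-enabled ld.so)

PLT_foo:                            # PLT[n] for symbol foo, n is this entry's index
        endbr64                     # direct callers land here; also an IBT landing pad
        mov     $n, %r11d           # clobbers r11: r11 is caller-saved and not an
                                    # argument register, so no caller-visible value
                                    # is live here and the write creates no data
                                    # dependency (the point made above)
        jmp     *GOT_foo(%rip)      # unresolved: lands on PLT0's endbr64
                                    # resolved: lands on foo's own endbr64
```

A layout that instead did `jmp *GOT_foo` followed by a `call` into the resolver would fail for the reason given earlier in the thread: the `jmp` through the GOT may only land on an `endbr64`, never on the following `call`.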

